package com.ihrm.modules.sys.shiro;

import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.Serializable;

public class CustomSessionManager extends DefaultWebSessionManager {
	/**
	 * 获取请求头中key为“Authorization”的value == sessionId
	 */
	private static final Logger log = LoggerFactory.getLogger(CustomSessionManager.class);
	private static final String TOKEN = "Authorization";

	private static final String REFERENCED_SESSION_ID_SOURCE = "header";

	/**
	 * @Description shiro框架 自定义session获取方式<br/>
	 * 可自定义session获取规则。这里采用ajax请求头 token 携带sessionId的方式
	 */
	@Override
	protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
		String id = WebUtils.toHttp(request).getHeader(TOKEN);
		if (StringUtils.isBlank(id)) {
			id = WebUtils.toHttp(request).getParameter(TOKEN);
		}
		// 如果请求头中有 Authorization 则其值为sessionId
		if (StringUtils.isNotBlank(id)) {
			log.info("请求头中获取");
			request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, REFERENCED_SESSION_ID_SOURCE);
			request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
			request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
			return id;
		} else {
			log.info("默认方式获取sessionId");
			// 否则按默认规则从cookie取sessionId
			return super.getSessionId(request, response);
		}

	}
}
